sylvest

Can I use SSL to secure a web site hosted on TCH? If so, how? The reason I need this is because I want to use HTTP authentication for a secure section of my web site, to avoid having to develop an authentication scheme from scratch, but (as I understand it) TCH does not support mod_auth_digest (in fact it only supports Basic authentication which sends passwords in open text across the internet - totally insecure). Using Basic auth via SSL would be ne alternative that would overcome this security hole. Thanks - Rowan

I can't get Digest Authorization to work. My .htaccess file looks like this: ExpiresActive Off Header append Cache-Control "no-cache" BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On AuthType Digest AuthName "My Protected Area 1" AuthUserFile /home/sylvest/memberplus/passwd Require valid-user ----------- The passwd file looks like this: admin:$apr1$vNPbekIW$YT8.KEIRRSiAkVESZVarn. admin:PePpH3sRcEdno rowan.bradley:$apr1$ToFKdZyL$9GKPrDjjLSr1oIOlF1bLk. rowan.bradley:xSA/797wQy8Mg ----------- It just keeps asking me for a username and password even if I enter the correct username and password. It's the same in IE8 and Firefox, so it's not an IE specific problem. If I simply change the word Digest to Basic, it works fine in both IE8 and FF. What have I got wrong? Thanks - Rowan

That's a fine offer, thanks. I may do this if I get desperate, but a better solution would be for me to have the tools needed to debug these issues myself. I'm beginning to have a bit of success by adding some rewrite rules to report the values of variables etc. in the returned headers. Very tedious but better than no visibility at all... For the moment I'm struggling on with trying to understand how all this works and get it right... Rowan

Is it not possible to get some logging from mod-rewrite? That would make it so much easier! Otherwise I'm reduced to trying things at random and hoping that eventually one of them will work... Thanks - Rowan

Thanks for your suggestion. Do you mean the permissions of the .htaccess file? It was 644. I've changed it to 666 but it makes no difference to the 500 error. In any case, why would the server be _writing_ to the .htaccess file? Thanks - Rowan

Hi, I'm just starting to get to grips with the rewriting engine. I'm getting server "500" errors. Where does the rewriting engine write its log messages? Can I change this? Can I change the debug level? It doesn't seem to accept RewriteLog or RewriteLogLevel commands in the .htaccess file. Can you suggest any otehr ways of finding out what's happening while it's processing my .htaccess file? Thanks - Rowan

Thanks all for your help. After that download/delete/upload trick my script is now working again, and I've learnt some things in the process, so I won't bother the help desk on this occasion. Next time though... Thanks again for your help - Rowan

I find that I can download the file, delete it from the server and upload it again, and magically its owner changes to 32191. One problem solved (although this is presumably not the best way of doing it...). Rowan

B*** Microsoft - why can't they get anything right? :-) I discover that using BeyondCompare (the only FTP client that I've got installed apart from Windows Explorer), I can see an owner property that's set to a number. Most things on my site are set to 32191. The offending file is set to 99. How do I know what these numbers mean? What could have changed the ownership of the file tickets.log from 32191 to 99? How do I change it back again? Although BeyondCompare can show me the owner, it doesn't seem to allow me to change it. Thanks - Rowan

Thanks for your reply. How do I check the owner? As far as I can see there's no facility to do this in the cPanel File Manager, nor does there seem to be a way when I connect via FTP using Windows Explorer.. Thanks - Rowan

One of my scripts has stopped working. I have the following code in the file /home/****/gc/functions.php: $logfile = "/home/****/logs/tickets.log"; function logopen() { global $logf,$logfile; if (isset($logfile) and ($logfile != "")) { $logf = fopen($logfile, 'a'); } } This fails with the following: Error code: 2 Error message: fopen(/home/****/logs/tickets.log) [function.fopen]: failed to open stream: Permission denied Script name and line number of error: /home/****/gc/functions.php:36 Variable state when error occurred: /home/****/logs/tickets.log The file /home/****/logs/tickets.log exists, and has permissions 644 The directory /home/****/logs has permissions 775 I am not out of disk space. Can anyone suggest why this has stopped working? I have not used it for a couple of months, but it used to work... Thanks - Rowan

Does anyone know whether it's possible to install Mantis bug tracking software on a TCH account (i.e. without command line access to the server)? Or if not is there any other bug tracking package that will run on TCH and into which I might be able to import my Mantis data? Thanks - Rowan

Thanks for your replies. I guess I'll have to learn how to set up a server of my own to try this out... Rowan

Does anyone know whether I can (or whether it's worth trying) running Intalio Server on TCH? This is a web based Business Process Management engine, written in Java, and using Geronimo, Axis2 and various other technologies that I don't know much about. Is there any obvious reason why this won't run in my account on TCH? What would I need to know in order to try this out? Thanks - Rowan

Hi, When I record events in my database, I'd like to store them as GMT, so it doesn't matter where the server is, and I can correct them when presenting them to the user for the timezone he's in. I thought I could do this using the PHP function gmmktime() but this is returning the wrong time - it's 4 hours behind GMT, which sounds like the local time at the server if this is in Eastern US. How do I get the current time in GMT? Or alternatively, how do I discover (dynamically) the time zone of the server (correcting for DST) so I can do the correction myself? Thanks - Rowan

phpinfo() tells me that session.use_trans_sid is set to 0. This is presumably why it's not automatically including SID in the URLs. Can I change this config parameter just for my site on TCH, or is it a server-wide setting? I can't find any kind of local php.ini file... Thanks - Rowan

Another point: if I have to include the SID in the URL in case cookies are not available, what is the generic way of doing this? Presumably adding "?" . SID onto the end of URLs won't work if: the URL already has some GET parameters (then I'd have two '?'s which would be a syntax error) the URL points to a site or directory (with or without a trailing /) and relies on the server fetching the default document possibly if the page is using POST (can a page return parameters via both GET and POST?) others I may not have thought of... How do I write some PHP to add SID to the URL which will work with all types of URL? Thanks - Rowan

That works. But a) as far as I know, I have cookies enabled. I'm using IE7 in Vista with its privacy set to Medium. My cookies folder has lots of current cookies in it - why is it rejecting my PHP session cookie if it accepts all of these? I thought PHP was meant to automatically switch to including the SID in the URL if cookies were not available. Why is it not doing this? c) I need the solution to this to be on the server, not the client, otherwise many members of the public won't be able to access my web site. I need people who are using normal browsers with normal settings to be able to access the site. Any advice on how to achieve this? Many thanks - Rowan

The page test1.php prints out 'abracadabra'; the page test2.php doesn't. Try it at: http://www.grantachorale.org.uk/members2/test1.php

I can't get PHP to remember the $_SESSION array from one page to the next. I'm using session varaibles to remember login settings, but when the user goes to a second page eitehr by linking to it, or via a header redirect, or just typing in the URL, the $_SESSION array is empty. Here are a couple of test pages I've written: Page test1.php starts the session and sets a session variable: <?php //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); $_SESSION['myvar'] = 'abracadabra'; $page_title="Test Page 1"; echo "<html>"; echo "<head>"; echo "<title>" . $page_title . "</title>"; echo "</head>"; echo "<body>"; echo "<h1><center>" . $page_title . "</center></h1>"; print_r($_SESSION); echo "<p><a href='test2.php'>Go to Test2</a></p>"; echo "</body>"; echo "</html>"; ?> Page test2.php sould be able to remember the session variables, but doesn't: <?php //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); $page_title="Test Page 2"; echo "<html>"; echo "<head>"; echo "<title>" . $page_title . "</title>"; echo "</head>"; echo "<body>"; echo "<h1><center>" . $page_title . "</center></h1>"; print_r($_SESSION); echo "</body>"; echo "</html>" ?> What am I doing wrong? Thanks - Rowan

What if there's no index.html file? What other files does it recognise, and in which order does it choose them? How do I alter this in the .htaccess file? Thanks - Rowan

If a user enters a URL with just a directory name, what files does the server look for in whch order? I.e. if the user enters http://www.mysite.org/subfolder1, and in the directory /home/myaccount/public_html/subdirectory1 I have some of the files index.html index.htm index.php index.php3 default.html etc. Which file does the server return? Thanks - Rowan

I've adapted my "Trashmail" script to use the new mailbox format and it has been running perfectly for months doing exactly what I want, and sending me a weekly report telling me what it's done. In my case I don't want to have to download all my spam by POP3 so I can't use Ageing. I just want the spam to be kept for a while on TCH's servers so if some mail seems to be going missing I can go and look for it in the spam mailbox using webmail, and recover it if it's there. If I haven't missed it after a couple of weeks I figure it's OK to delete it. I'd be happy to share my script with anyone who's interested in exchange for an occasional report saying how well it's working for you... Rowan

Hi, I've noticed that some messages that I received weeks ago annoyingly stay at the top of the list of received mails when viewed in SquirrelMail. On investigation these messages seem to be ones where there is no Date header. It seems to assume that messages with no Date header were received on today's date. Here's an example: Return-path: <bt.xzxzxz@bt.com> Envelope-to: rowan@xzxzxzxzxz.org Delivery-date: Fri, 21 Sep 2007 15:33:08 -0400 Received: from saturn.bt.com ([193.113.57.20] helo=CBIBIPNT02.iuser.iroot.adidom.com) by byss.tchmachines.com with smtp (Exim 4.68) (envelope-from <bt.xzxzxzxz@bt.com>) id 1IYoFG-0003kd-RO for rowan@zxzxzxzxzx.org; Fri, 21 Sep 2007 15:33:08 -0400 Received: From smtp2.intra.bt.com ([147.149.100.154]) by CBIBIPNT02.iuser.iroot.adidom.com (WebShield SMTP v4.5 MR1a P0803.399); id 119039613713; Fri, 21 Sep 2007 18:35:37 +0100 From: "BT" <bt.zxzxzxzx@bt.com> To: rowan@xzxzxzxzxz.org Subject: Save £50 on the BT Internet Radio plus lots more offers on phones and more at the BT Shop Reply-To: "BT" <bt.zxzxzxzxz@bt.com> X-Mailer: Chordiant Online Marketing Director Message-ID: <PK:3054931900_3688_7_1_1_.210920071835@smtp2.intra.bt.com> MIME-Version: 1.0 ( Generated by Chordiant Online Marketing Director ) Content-Type: text/html Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.7 X-Spam-Score: -16 X-Spam-Bar: - X-Spam-Flag: NO In the SquirrelMail message list this messages says its "Date" is today at 11:33am and this is what's used to sort the message list, although it's clear from the Delivery-date header that it came on 21st September. Surely SquirrelMail should use the Delivery-date header as the date if there's no Date header? Thanks - Rowan

I've now written a script that does exactly what I want (leaves spam in a folder on TCH for a preset number of days, so the user can check it via web-mail for incorrectly spammed messages if he wants, then automatically deletes the messages). It's working well for me. If anyone would like to try this, please send me an e-mail. Rowan